
YAFNET XSS in EditSignature Page

High
w8tcha published GHSA-mg6p-jjff-7g5m Jan 28, 2023

Package

No package listed

Affected versions

3.1.11

Patched versions

3.1.12

Description

Summary

A cross-site scripting vulnerability exists in the "Edit Signature" page. A user can embed arbitrary JavaScript code in the message field and save a signature that contains an XSS payload.

Details

Affected source code file: https://github.com/YAFNET/YAFNET/blob/netfx/yafsrc/YetAnotherForum.NET/Pages/Profile/EditSignature.ascx.cs (web page: http://your-ip.com/forum/Profile/EditSignature)
Affected version: YAFNET 3.1.11
A cross-site scripting vulnerability exists in the "Edit Signature" page. A user can embed arbitrary JavaScript code in the message field and save a signature that contains an XSS payload.
The signature is displayed underneath posts that the user has previously published, so it can affect any user who views those pages, including users who are not logged in.
It can potentially lead to credential disclosure in trusted sessions.
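An added example, not YAFNET code and not from the advisory author: a check an administrator could run over exported signature HTML to find stored signatures that carry script-capable markup, such as the event-handler attribute in this advisory's PoC. The export format (username mapped to signature HTML) and all names are assumptions, and the javascript: URL and script-element checks go beyond the single case the advisory shows.

```python
from html import escape
from html.parser import HTMLParser

# Constructed sample export; "chtsec_user" holds this advisory's PoC string.
SAMPLE_SIGNATURES = {
    "alice": "Regards, <b>Alice</b>",
    "chtsec_user": "<img src=/ onmouseover=alert('XSS_from_chtsec_user')>",
    "bob": '<a href="javascript:void(0)">home</a>',
}

SCRIPT_TAGS = {"script", "iframe", "object", "embed"}
URL_ATTRS = {"href", "src", "action", "formaction"}


class ActiveContentFinder(HTMLParser):
    """Records markup in a signature that a browser could execute."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # html.parser lower-cases names and decodes entities in attribute values.
        if tag in SCRIPT_TAGS:
            self.findings.append(f"<{tag}> element")
        for name, value in attrs:
            value = (value or "").strip().lower()
            if name.startswith("on"):
                self.findings.append(f"{name} handler on <{tag}>")
            elif name in URL_ATTRS and value.startswith("javascript:"):
                self.findings.append(f"javascript: URL in {name} on <{tag}>")


def audit_signature(signature_html):
    """Return findings for one signature; an empty list means inert markup."""
    finder = ActiveContentFinder()
    finder.feed(signature_html)
    finder.close()
    return finder.findings


def audit_all(signatures):
    """Return {username: findings} for signatures that carry active content."""
    report = {user: audit_signature(sig) for user, sig in signatures.items()}
    return {user: found for user, found in report.items() if found}


if __name__ == "__main__":
    print(audit_all(SAMPLE_SIGNATURES))
    print(audit_signature(escape(SAMPLE_SIGNATURES["chtsec_user"])))
```

The last line runs the same check over an HTML-encoded copy of the PoC and reports no findings, because the encoded markup parses as text rather than as an element.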

PoC

<img src=/ onmouseover=alert('XSS_from_chtsec_user')>

Impact

What kind of vulnerability is it? Who is impacted?
XSS (Cross-Site Scripting)
YAFNET version: 3.1.11

Reference

https://drive.google.com/drive/folders/1iJuhjLQy3QPIgKKgWUzEEfr_q0boaR00?usp=sharing

Severity

High, 8.2 / 10

CVSS base metrics

Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: Required
Scope: Changed
Confidentiality: High
Integrity: Low
Availability: Low
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

CVE ID

No known CVE
